Cybersecurity Awareness

How to Protect Against SQL Injection Attacks

What is SQL Injection?

SQL injection is one of the most common web attack mechanisms utilized by attackers to steal sensitive data from organizations. While SQL Injection can affect any data-driven application that uses a SQL database, it is most often used to attack web sites.

SQL Injection is a code injection technique that hackers can use to insert malicious SQL statements into input fields for execution by the underlying SQL database. This technique is made possible because of improper coding of vulnerable web applications.

These flaws arise because...

Email Encryption Guide

Due to the ease of use and near-universal adoption, many individuals and campus departments use email as a primary form of communication for University business. While this works well for many purposes, remember that email is not a secure form of communication and should never be used to transmit restricted data or sensitive information.

Even if a secure email client is used (as is required by bCal), email is not encrypted as it passes between mail servers and may be forwarded by the receiving user to a mail server that does not require a secure client. Also, the identity of the...

How to Protect Against Technical Support Scams

What are Technical Support scams?

In a Technical Support scam, a scam artist will try to contact you by phone or initiate contact via a website (often through a pop-up window in your web browser). The scammer will claim to be a representative from Microsoft, or sometimes pretend to be from UC Berkeley Technical Support. They will highlight common concerns regarding your computer, such as viruses or malware. They will offer to "fix" these manufactured issues by connecting to your system.

What is the possible impact of such scams?

The goal of the scammer is to gain remote access to...

Top 10 Secure Computing Tips

Tip #1 - You are a target to hackers

Don't ever say, "It won't happen to me." We are all at risk and the stakes are high - both for your personal and financial well-being and for the university's standing and reputation.

Cybersecurity is everyone's...

Cleaning an Infected Computer of Malware

If the system has any data classified as Protection Level 4 (P4), disconnect it from the network - don't turn it off or unplug it - and immediately call (510) 664-9000 (option 4).

Attackers often leave “backdoors” on a compromised computer and removing them all can be difficult, if not impossible. We recommend reinstalling your operating...

Network Printer Security Best Practices

Multifunction printers (MFPs) are experiencing an identity crisis: IT administrators don't always see them as the full-fledged networked computers they really are. But attackers do - and they are finding them increasingly attractive!

These printers, shoved in the corner of the office and quietly going about their business of copying, printing, faxing and scanning, might not seem to pose any real security risk. But like any networked device, if not properly managed, they can expose sensitive campus data to unauthorized access and misuse.

To secure your printers from...

Protecting Your Credentials

1. Beware Social Engineering and Phishing Scams

Phishing scams are a significant source of compromised credentials. These scams are a form of social engineering attacks used to trick the unsuspecting user into revealing account information. These scams can occur by phone, email, or text.

Most commonly, phishing scams are initiated by an email that has the appearance of official business and requests that you perform an urgent action, like logging into your account.

Sometimes emails...

Center for Internet Security

About The Center for Internet Security

The Center for Internet Security (CIS) is a community of organizations and individuals seeking actionable security resources. As a member of this community, the UC Berkeley campus has access to Consensus Security Configuration Benchmarks, Scoring Tools, Consensus Security Metric definitions, and discussion forums where we can collaborate on security best practices.

Using CIS Tools and Resources for System Hardening

To get started using tools and resources from CIS, follow these steps...

Database Hardening Best Practices

This checklist was developed by IST system administrators to provide guidance for securing databases storing sensitive or protected data. Implementing these security controls will help to prevent data loss, leakage, or unauthorized access to your databases.

Physical Database Server Security

The physical machine hosting a database is housed in a secured, locked and monitored environment to prevent unauthorized entry, access or theft. Application and web servers are not hosted on the same machine as the database server...

Java Security Best Practices

Why is Java such a high-security risk for the campus?

Since late 2011, a multitude of critical vulnerabilities has been discovered in Oracle's Java platform.

In many cases, running the latest available versions of Java offers no protection for users. To date, at least eight zero-day attacks targeted the Java platform, affecting millions of systems. Most exploits require little or no user interaction. Users' systems are compromised...